ISO/IEC TS 27570:2021 — Privacy protection — Privacy guidelines for smart cities

 

Abstract

“This document takes a multiple agency as well as a citizen centric viewpoint. It provides guidance on smart city ecosystem privacy protection, on how privacy standards can be used at a global level and at an organizational level for the benefit of citizens, and on processes for smart city ecosystem privacy protection. It is applicable to all types and sizes of organizations, including public and private companies, government entities, and not-for-profit organizations that provide services in smart city environments.”
[Source: SC27 Standing Document 11 (2021)]
 

Introduction

‘Smart cities’ are emerging from the confluence of public wireless networks, mobile/portable devices, the Internet of Things (both industrial and consumer), automation, cloud computing, smart devices with advanced automation and artificial intelligence/machine learning, big data and more. As disparate ICT systems are increasingly and dynamically communicating within our cities, both opportunities and risks are opening up for individuals plus the commercial and governmental agencies providing various services (such as communications, energy, transportation, healthcare and law enforcement).

 

Scope of the standard

Although the guideline briefly mentions information security aspects such as safety and resilience, the guideline specifically concerns privacy in the context of smart cities including ‘smart city ecosystem privacy protection’.

Rhetorical questions include:

  • To what extent is it appropriate for individuals to be identified, tracked and monitored through their ICT devices and digital interactions as they go about their business in the city?
  • Since privacy requirements and expectations vary between the authorities, businesses and individuals, how should those tensions be managed?
  • Even though the collection, processing and disclosure of personal data may be restricted on privacy grounds, what (if anything) can/should be done to restrict correlation and inference being used as large quantities of information become available for sharing and analysis?
  • Is it even feasible to support (an appropriate degree of) anonymity if individuals so desire, without excluding them and denying them the advantages of interaction between smart devices?

There are social/societal aspects to this, as well as the technological and personal.

Given the rapid pace of change in this area, the guideline cannot fully address all the issues at this time but instead seeks to establish a reference (conceptual) framework as a basis for the development of future standards.

 

Content of the standard

The guideline provides conceptual diagrams and explanations, emphasizing other applicable standards.

 

Status

The standard was published as a Technical Specification in January 2021.

 

Personal notes

This visionary, conceptual, innovative and remarkable standard was conceived way back in 2015.

The issues it covers are still barely even recognised as such at this point, at least not outside the specialism. Better to influence the thinking and direction on privacy, governance and related matters now than to complain about constraints later on when it may be too late to achieve fundamental change.

If only SC 27 had taken such a proactive stance on IoT security way back when it was in its infancy!

Speaking as a former biologist and current pedant, frequent use of “ecosystem” catches my beady eye. The standard is not talking about living organisms interacting with the natural environment, but conceptual linkages between IT systems, networks, organisations and individuals in the technology context. Surely there is a more accurate term than ‘ecosystem’?

 

 


Copyright © 2021 IsecT Ltd.